[Samba] Upgrading from Samba 4.0.1 to 4.1.6
jwaters at h2os.com
Fri Mar 14 10:28:58 MDT 2014
I just grep'd the log file and found this, so I think you are correct
root at blhblahblah:/usr/local/samba-4.1.6/var# grep pem *
log.samba: invalid permissions on file
'/usr/local/samba/private/tls/key.pem': has 0644 should be 0600
log.samba: Invalid permissions on TLS private key file
log.samba: Removing all tls .pem files will cause an auto-regeneration
with the correct permissions.
On Fri, Mar 14, 2014 at 11:53 AM, Jason Waters <jwaters at h2os.com> wrote:
> Great I will try that tonight. Thank you for the help! I will make
> sure I let you know if that fixed it or not.
> On Fri, Mar 14, 2014 at 11:50 AM, Marc Muehlfeld <samba at marc-muehlfeld.de>wrote:
>> Hello Jason
>> Am 14.03.2014 16:18, schrieb Jason Waters:
>> Took a quick look in /usr/local/samba/var/samba.log and saw the ldap
>> I guess you hit this fix:
>> In setups which provide ldap(s) and/or https services, the private
>> key for SSL/TLS encryption might be world readable. This typically
>> happens in active directory domain controller setups.
>> You would have this in your logs, then:
>> [2014/01/29 20:19:14.836873, 0, pid=4311] ../lib/util/util.c:161(file_
>> invalid permissions on file '/usr/local/samba/private/tls/key.pem':
>> has 0644 should be 0600
>> [2014/01/29 20:19:14.843206, 0, pid=4311] ../source4/lib/tls/tls_
>> Invalid permissions on TLS private key file
>> owner uid 0 should be 0, mode 0644 should be 0600
>> This is known as CVE-2013-4476.
>> Removing all tls .pem files will cause an auto-regeneration with the
>> correct permissions.
>> This is about the TLS keys for LDAP encryption. Remove the key files and
>> restart Samba.
>> I've added this to the Wiki page, too, as we often had this problem on
>> the list in the past:
More information about the samba